CVE-2008-1151
published 2008-03-27CVE-2008-1151: Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory…
high7.1CVSS 3.1
AVNACMAuNCNINAC
Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to "dead memory" that remains allocated after process termination, aka bug ID CSCsj58566.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ios | <= 12.2 | — |
| cisco | ios_virtual_private_dial-up_network | — | — |
GHSA
GHSA-5247-6v69-x2p9: Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12
ghsa_unreviewed·2022-05-01
CVE-2008-1151 [HIGH] GHSA-5247-6v69-x2p9: Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12
Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to "dead memory" that remains allocated after process termination, aka bug ID CSCsj58566.
Cisco
Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability
vendor_cisco·2008-03-26·CVSS 7.1
CVE-2008-1150 [HIGH] CWE-399 Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability
Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability
Two vulnerabilities exist in the virtual private dial-up network (VPDN)
solution when Point-to-Point Tunneling Protocol (PPTP) is used in certain Cisco
IOS releases prior to 12.3. PPTP is only one of the supported tunneling
protocols used to tunnel PPP frames within the VPDN solution.
The first vulnerability is a memory leak that occurs as a result of
PPTP session termination. The second vulnerability may consume all interface
descriptor blocks on the affected device because those devices will not reuse
virtual access interfaces. If these vulnerabilities are repeatedly exploited,
the memory and/or interface resources of the attacked device may be
depleted.
Cisco has made free software available to address these vu
Cisco
Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability
vendor_cisco·CVSS 0.0
CVE-2008-1151 Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability
CVE-2008-1151: Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability
Two vulnerabilities exist in the virtual private dial-up network (VPDN) solution when Point-to-Point Tunneling Protocol (PPTP) is used in certain Cisco IOS releases prior to 12.3. PPTP is only one of the supported tunneling protocols used to tunnel PPP frames within the VPDN solution. The first vulnerability is a memory leak that occurs as a result of PPTP session termination. The second vulnerability may consume all interface descriptor blocks on the affected device because those devices will not reuse virtual access interfaces. If these vulnerabilities are repeatedly exploited, the memory and/or interface resources of the attacked device may be depleted. Cisco has made free software available to addr
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/29507http://securitytracker.com/id?1019714http://www.cisco.com/en/US/products/products_security_advisory09186a0080969862.shtmlhttp://www.securityfocus.com/bid/28460http://www.us-cert.gov/cas/techalerts/TA08-087B.htmlhttp://www.vupen.com/english/advisories/2008/1006/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/41483https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5287http://secunia.com/advisories/29507http://securitytracker.com/id?1019714http://www.cisco.com/en/US/products/products_security_advisory09186a0080969862.shtmlhttp://www.securityfocus.com/bid/28460http://www.us-cert.gov/cas/techalerts/TA08-087B.htmlhttp://www.vupen.com/english/advisories/2008/1006/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/41483https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5287
2008-03-27
Published